In a typical multi-user software system different users have access to different types of information and are able to perform different types of actions. Permissions may for example be granted based on the work description of the particular user. As a few examples, an administrator could be permitted to access all information and perform any action in the system, a human resource representative should be permitted to perform personnel tasks and view salaries and similar matters, an employee at a finance department should be permitted to access financial records and make budget reports, a visitor or guest may be permitted to have only a read-only access to information and no access at all to sensitive information etc.
However, using the above approach entails some drawbacks. It sometimes happens that a particular work task requires information or actions of several of the above exemplified types of roles, and thus their respective permissions. In order to solve this work task, the different users, having their particular access rights, could do the parts of the work task that they have permissions for. That is, the different users do their own tasks related to the work task separately from each other, after which the result is somehow merged in the end. Obviously, such solution is inefficient and less than optimal.
Another way of solving the work task could be to create a new special user with a login having the combined permissions needed to perform the work task. However, to create such special user permissions each time a work task requires the permissions of different user categories is also very inefficient and most likely also needing an administrator creating the special user login.
In view of the above, there is a need for a more flexible solution in this regards.